t.stuelten at tu-bs.de
Tue Mar 8 19:16:56 EET 2005
On Tue, 8 Mar 2005, Sean Middleditch wrote:
> I'll have to look into POSIX ACLs more and see how/if the API wraps
> classic UNIX permissions.
I don't know the API for POSIX, AFS or NTFS ACLs, so the following
may be wrong :) (I used http://www.ee.ust.hk/~vlsi/tutorials/afs.htm
(AFS) and "man smbcacls" (NTFS)).
Maybe they are worth a look? If not, drop this part...
AFS and NTFS know some more rights than the 3 POSIX rights (7 and 5).
NTFS distinguishes between "P - Change permissions" and "O - Take ownership"
where AFS knows only "ADMINISTER a" and POSIX has the owner.
AFS additionally knows
"LOOKUP l" (which may be the same as POSIX "x" for a dir?) and
"LOCK k allow the files under the directory to be locked" (?)
I find these rights:
r,w,x, *d*elete, [*a*dminister | [Change *p*ermissions | Take *o*wnership]],
"*i*nsert for dirs", if that is different from write for dirs and
"*l*ookup for dirs", if that is different from read for dirs)
These rights are ALLOWED or DENIED for some user/groupnames.
An ACL then looks like a list of <user/groupname, allow/deny, mask>.
This should match POSIX (at least 3 entries: user,group,other, more if
with ACLs), AFS (0 without any rights, multiple otherwise) and NTFS (like
AFS). Fs like ftp would probably use only one (<username,allow,rwd>).
Translated POSIX rights would then look like:
dir: r -> r, w -> w+i+d+(owner ? a : -), x -> x+l
file: r -> r, w -> w +d+(owner ? a : -), x -> x
There could be three ways to get rights: (change names to appropriate style)
writeable(), readable() for the current user and getACL() or
getMetadata(key:="xdg:ACL") returning the complete list.
(Are there FS which do not return a complete ACL, but allow only to test
for single rights (Something like "boolean isAllowed(user,mask)")?)
To change ACLs, use something like "grant(user,mask)" and
"revoke(user,mask)"? But equal names for users and groups may be a problem
for POSIX and AFS.
> Using the XDG mimetype definitions makes sense - whatever it would
> report for the mimetype is what DVFS would report.
The DVFS adds further mimetypes to the types delivered by fs like http?
OK - for most filesystems it has to be done anyway and doing it in
the DVFS layer avoids wrong/misleading mimetypes.
Other silly questions:
What about file xattrs? Simply return them using some prefix for
unknown keys and mapping known keys to special DVFS-keys (e.g. mimetype)?
(usually they have a prefix already, e.g. "system." for ACLs)?
Without additional prefix, they may interfere with other namespaces.
How to return multiple values in the value of a key-value-pair?
(listxattrs returns an int giving the number of elements and a
list with \0 as delimiter. Maybe the .desktop-style is better for
other languages than C? Something like "key=value1;value2"?)
Force the encoding of (all strings used in DVFS|metadata) to be UTF-8?
mailto: t.stuelten at tu-bs.de
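
The POSIX translation table from the message above, as an added example (not code from the thread or from any DVFS implementation). It goes beyond the table by emitting DENY entries and assuming ordered evaluation, where the first entry mentioning a right decides it, so that the owner or a group member cannot pick up rights held only by a later class (mode 0077, for instance); the bit values, the `WHO_*` principals and all function names are assumptions.

```c
/* Rights named in the message; the bit values are an assumption of this example. */
enum { RT_R = 1, RT_W = 2, RT_X = 4, RT_D = 8, RT_A = 16, RT_I = 32, RT_L = 64 };
enum { WHO_USER, WHO_GROUP, WHO_OTHER };            /* hypothetical principals */
struct ace { int who; int allow; unsigned mask; };  /* <name, allow/deny, mask> */

/* One rwx triple -> generalized mask, following the table in the message. */
static unsigned translate(unsigned rwx, int is_dir, int is_owner)
{
    unsigned m = 0;
    if (rwx & 4) m |= RT_R;
    if (rwx & 2) m |= RT_W | RT_D | (is_dir ? RT_I : 0) | (is_owner ? RT_A : 0);
    if (rwx & 1) m |= RT_X | (is_dir ? RT_L : 0);
    return m;
}

/* Build an ordered ACL from the low 9 permission bits of a mode. The deny
 * entries stop a class from inheriting rights that only a later class has. */
static int posix_to_acl(unsigned mode, int is_dir, struct ace out[5])
{
    int n = 0;
    unsigned u = translate((mode >> 6) & 7, is_dir, 1);
    unsigned g = translate((mode >> 3) & 7, is_dir, 0);
    unsigned o = translate(mode & 7, is_dir, 0);
    if (u)            out[n++] = (struct ace){ WHO_USER,  1, u };
    if ((g | o) & ~u) out[n++] = (struct ace){ WHO_USER,  0, (g | o) & ~u };
    if (g)            out[n++] = (struct ace){ WHO_GROUP, 1, g };
    if (o & ~g)       out[n++] = (struct ace){ WHO_GROUP, 0, o & ~g };
    if (o)            out[n++] = (struct ace){ WHO_OTHER, 1, o };
    return n;
}

/* Ordered evaluation: the first matching entry that mentions a right decides it.
 * is_user / in_group describe the caller; WHO_OTHER entries match everyone. */
static unsigned effective(const struct ace *acl, int n, int is_user, int in_group)
{
    unsigned granted = 0, decided = 0;
    for (int i = 0; i < n; i++) {
        if ((acl[i].who == WHO_USER && !is_user) ||
            (acl[i].who == WHO_GROUP && !in_group))
            continue;
        if (acl[i].allow)
            granted |= acl[i].mask & ~decided;
        decided |= acl[i].mask;
    }
    return granted;
}
```

POSIX lets the owner change a file's mode even when the owner's w bit is clear, so a consumer of these entries should not read a missing `a` right as proof that the owner cannot change permissions.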